A Built-In Malware Scanner

Yes, it's hard to believe, but Google is working on a malware scanner for the Play Store. The string file doesn't lie:

<string name="package_malware_title">App Check</string> <string name="package_malware_consent_text">"Allow Google to check all apps installed to this device for harmful behavior?To learn more, go to Settings > Security."</string> <string name="package_malware_banner_warning">Installing this app may harm your device</string> <string name="package_malware_banner_blocked">Installation has been blocked</string> <string name="package_malware_recommendation_warning">Google recommends that you do not install this app.</string> <string name="package_malware_recommendation_blocked">To protect you, Google has blocked the installation of this app.</string> <string name="package_malware_app_name">App name: \"%s\"</string> <string name="package_malware_checkbox_label">I understand that this app may be dangerous.</string> <string name="package_malware_consent_title">Verify apps?</string>

Apparently, there are two parts to this. There is something called "App Check" that will allow Google to inspect every app you've already downloaded, and a doorman-style app blocker that will warn you if an app is suspicious. It also sounds like they will have a "shut up and download it" button, for people that like to live on the edge.

We reported earlier on Bouncer, Google's server-side Play Store malware cop, but this sounds like a new, client-side initiative, possibly the result of their recent acquisition of VirusTotal.

Besides the strings, there's new artwork, which is probably for this feature. The exclamation point signs are all separate pieces, each called some variation of "ic_warning_dark.png," and the shield is called "ic_shield_dark.png." Obviously the warning would be for unchecked stuff, and the shield would assure you everything is ok.

Wish List Progress

The wish list feature we told you about is coming along nicely. The APK has several different styles of buttons - it looks like the earlier "star button" design got canned. Their names are all variations of "ic_menu_market_wishlist.png," and "ic_menu_wish_off_dark.png." The layout file for this is called "wishlist_panel.xml," which immediately conjures up images of the Google+ or YouTube sidebar.

Is anyone else noticing that all the new art is white? I had to add the dark backgrounds, because white on white doesn't look too great. The thing is, the Play Store will have the same problem. I don't see where all this white iconography would fit into the Play Store's mostly-white design. So, since Google is giving us more light icons, I say, expect more dark backgrounds.

There is also ton of freshly-added text for wish lists:

<string name="content_description_wishlist_add">Include in wishlist</string><string name="content_description_wishlist_remove">Remove from wishlist</string><string name="wishlist_adding">Adding %1$s to wishlist</string><string name="wishlist_adding_backupstring">Adding to wishlist</string><string name="wishlist_removing">Removing %1$s from wishlist</string><string name="wishlist_removing_backupstring">Removing from wishlist</string><string name="wishlist_add_success">%1$s added to wishlist</string><string name="wishlist_remove_success">%1$s removed from wishlist</string><string name="wishlist_add_error">%1$s could not be added to wishlist</string><string name="wishlist_remove_error">%1$s could not be removed from wishlist</string><string name="my_wishlist_empty">There are no items in your wishlist. To add items, tap the bookmark whenever you see it in the menu above.</string>

Wish lists aren't done yet, there's still obvious missing code for things like the buttons, but it's good to see some progress.

Other Tidbits

Remember in my last APK Teardown, when I said Wallet was getting PayPal-style money storage? It sounds like the Play Store is in for the same thing. There is now mention of a "Google Play Balance":

Let's just hope that the Play Store balance and Wallet balance are the same thing. Otherwise things would get confusing.

Update: Turns out the Play Store Balance isn't entirely new, it's what Google has been calling your gift card balance. The string text is still new though, so you'll soon be able to refill it from your device.

<string name="app_already_installed_other_user">You cannot install this app because another user has already installed an incompatible version on this device.</string>

That is a strange error message, isn't it? Another user has installed an incompatible version? Meaning what? I guess some apps don't work with multiple users? I'd love to hear your ideas in the comments.

Articles like this is why I absolutely love AP. Ron, great work!
P.S. I really hope that PayPal gets added as a future way to add cash to Google Wallet, as I'd love to use some of the cash I have sitting in a PayPal account to buy some apps! (and before you suggest that I deposit it into a bank account, then use that money, I'm in high school).

As for the error message at the end, I have 2 theories:
1. This comes up if you're trying to install a different version of an app another user already installed.
2. This comes up with you're trying to install an app with a different signature compared to another app already installed.

Here's another idea. Maybe it's related to enterprise security restrictions. Maybe an enterprise can set version restrictions.

masterdebater

I think Play Store sends app and phone info to a db when it detected that it is incompatible (or with issues) on a specific device and as another user downloads the same app with the same phone on the db, it will flag it and that snippet will appear. A little sneaky but it's for the good.

On my Nexus I have two of my Gmail accounts added. In the Play store I can switch between what email I want to download an application under. If I have a specific application version installed already under one email and I try to install a newer version of that application using the other email this error should happen.

probably just as a placebo effect to make people feel safer. its probably safe to assume that a lot of people dont know about Google's server side malware checking, plus all the blogs and "news" sites constantly doing stories about how "There are a billion malware apps on android! its unsafe! hide yo kids!"

Oli Lane

Because you can install apps from places other than Google's servers.

RedPandaAlex

Then it should be built into the OS rather than into the Play Store app.

Nexus devices aside, how often is your phone/tablet getting OS updates? Devices that have been abandoned on anything before Jellybean would never get this feature and it would take at least 2 years before it was even on 50% of devices...Or they can build it into an app that gets updates about every 6 weeks.

Lest we forget the other reasons to keep it out of the OS. Leading the pack is that custom ROMs might not be allowed to use this feature, it might not be released/licensed for that use. Another great reason, Google can lose control of it when OEMs and carriers get involved. I know that one is unlikely and might violate Android certification requirements that are added to protect it, but I can confidently say that all three of the major OEMs (HTC, Samsung, and Motorola...I'm still not sold on LG) have changed or screwed up core components of the OS with various ROMs they've released and I think they would do it again. Those are just a couple, I'm sure there are more.

RedPandaAlex

Well, I'm just wondering if it's possible for the store app to scan direct apk installs

There are already other apps that function as virus scanners in the same way that we're talking about the Play Store. The Play Store also gets a higher security level (I think it runs as root, but don't quote me on that), so it's allowed to do stuff that some virus scanners can't (unless you've rooted your phone and given them permission). There's no reason to assume the Play Store wouldn't be great for this purpose.

ari_free

But would this blocker work for apps that you downloaded outside the Play store? That's probably where most of the problem comes from. Then again, I don't give a flying duck for people who get malware after downloading pirated apps.

Jameslepable

You get warned when you choose to install from outside the play store. And seeing that most apps installed outside are probably pirated (obviously amazon and get jar not included). Google probably doesn't want to do that as it will sort of promote pirating unintentionally

How many people actually sideload? Or even know what sideloading or APKs are? If you frequent Android forums, you'd see a whole lot of users who still doesn't know what the "install from unknown sources" checkbox is all about. Or are even fearful of it. (it's wording does leave a bit to the imagination) A large percentage of the Android community likely still only know of Google Play as the sole avenue for obtaining apps.

Yet of those who do sideload, many would have also heard of the XDA-Developers forums, which currently boast a membership base of over **4 million** users. Many of them are not developers themselves, that distinction is not important; developers or consumers most (if not all of them) sideload and flashes custom-made software and ROMs/kernels packages on a regular basis.

I know this will come across as a huge generalization too, but China is probably one of the top reasons this is happening. I'm not trying to discuss the issues with Chinese piracy which we do know to be very significant, and yes, I know the reasons. Every time people talk about malware on Android, they are usually pulling their "numbers" from Chinese markets where piracy is much thicker.

Of course, piracy is only one of the reasons why side-loading is so common in China. One of the things that people don't talk about is that there is a relatively heavy market for apps that have been modified to add Cantonese (and Mandarin) translations to apps that are usually only in Germanic and Latin derived languages.

Side-loading is extremely common in China for both of these reasons and surely many others. While not everybody there will have the Play Store, at least it stands a chance of reaching many of them. Malware statistics are comparatively awful over there compared to here, and I think Google was motivated to take the initiative to reduce the spread of viruses regardless of the reasons people might be side-loading.

Actually Cody, *your* hypothesis wouldn't be considered a huge generalization at all. Last I checked, China still doesn't get paid apps support in Google Play.
(I've even seen forum posts where new phones, such as the Galaxy S III, bought direct from Chinese telecommunications companies, are said to come with no Google Play installed, and upon manual installation, force closes.)

So to say that many Chinese Android users may be resorting to piracy to get their app fix is unlikely to be far from the truth at all. (why would someone buy a smartphone at high cost if they're unable to get the apps that provide the experience?)

I don't think that Google's malware scanner not scanning side-loaded apps has anything to do with "not encouraging piracy", but your guess that Google's motivation for introducing such a mechanism in the Play installed apps is an attempt to stem the global spread of malware certainly has merit. It's actually the same reason Microsoft gave for creating the original Windows Live OneCare, and when that didn't work out as a profit channel, they worked hard to produce the free (and, actually pretty good) Windows Security Essential package.

Jameslepable

I could easily enough point to the websites dedicated to pirate apps where the would be malware. Piracy isn't as much a problem that people make out to be but you must realise that a large proportion of people who allow unknown sources are pirating. This is in places like China and India.

Yes you could do that, but note that supply and demand aren't the same thing.

Just like having one single Google Play store doesn't mean that only a minority of Android users are buying legitimate apps, neither does having multiple pirate sites mean that the majority are getting them from illegitimate sources.

Unlike XDA which I mentioned, where visitors ARE to download stuff, many of these sites exists HOPING that people would download. Like businesses, they cater for the supply, but does not guarantee the demand.

This is why I said it was a huge generalization. Places like China, much higher possibility of being true since they have no official Google support for paid apps. But other places, especially in well developed countries, less likely. The situation is compounded by the fact that many smartphone users, iOS and Android alike, are not really as tech-savvy as you'd expect, and would rather not delve into the unknown if they can help it.

Tony NoName

Talk about a huge generalization! lol.... you take the cake with this one. It's been estimated that over that over 70% of Android device users set them up for side loading. Whether it be downloading music from Amazon or even some Apps from them. Any time you download anything to your device outside of Play Store you are informed.

That's even if you develop your own Apps. It's to let you know that those App do not go through Google's Bouncer for deadly hidden malware. So unlike Apple, who just refuses to allow you to install even your own developed Apps on your own device, from your own computer, Google doesn't require App signing to install an App. When HTML5 Apps become popular and we're able to pay for them off in secure transactions out of the reach of Apple and Play Stores, what's going to happen then? Will all have Gate Keepers that bounce Apps because Developers and content providers can start earning their money directly w/o paying Apple or Google? Well at least we know that Google won't care and at least we can side load w/o interference of companies like Apple!

blunden

They finally updated the notification drawables for xhdpi. That sure took a long time.

Jeffrey Smith

Regarding the multi-user thing, a couple of interesting additional permissions were added to the manifest: MANAGE_USERS and INTERACT_ACROSS_USERS.

IncCo

This is definitely the best place for android news

dude

Its the only Android news site I've found so far that doesn't involved fanboys constantly throwing personal insults at everyone.

Eye4Detail

I wonder if the "incompatible version" error has to do with Amazon apps. I know that when attempting to update an Amazon app through the Play Store, I get an error message. This new message may have to do with one user having an Amazon app installed and another trying to install the Play Store version.

Plus, it doesn't jump back up to the top of the apps list when you view an app!

Name

I'm not happy with the google spyware.. Reporting what I'm installing and turning it into ads.

Josh

Google already knows everything you're installing from the Play Store and it wouldn't really surprise me if they already know about the apps you've sideloaded too.

Thx84

My guess is this is the way to figure which apps you side loaded and more importantly which ones you stole/pirated

Oli Lane

Then you can turn it off. No problem.

tBs_Battousai

My UK GNex is still on 3.8.17... :(

UmangKedia

Can you plz explain how these malware scanner might work?

According to me, it will work only for apps downloaded from Play Store. If that's the way its going to work then why can't google scan the apps while they are being uploaded on Play Store? Google can already mark it as suspicious or whatever.

eman3316

When is the Play Store going to allow you to see just your purchase apps without having to look through everything you have ever downloaded! They definitely need some sort of filtering features. How about being able to alphabetize even or look through apps and sort them be rating? I can't believe we do not have these sorting features yet.

Very cool, thanks for the info. This may be a dumb question, but is there anyway to force the Play store to upgrade?

Asphyx

I'm a little confused here...
I love the idea they are going to scan for Malware before you install an App
but wouldn't this be better done if they did these checks as the app in question was being uploaded to the store?
Having a client side check is always a good thing but it's better to incorporate it into the installer not the storefront.apk so it works on side loaded apps as well.
How good of a malware check can this actually be?

Oli Lane

They already do it server side, it's called Bouncer. This is in addition.

Tony NoName

This is a Scanner Only! .....it does not clean or prevent the App from being downloaded in the first place. It just informs people of the malware and lets them make the decision on whether they want to download it or not!

Which is a lot better than what Apple or these other stores (Amazon, etc) do. On all these other stores (including Apple's) some malware, adware, tracking, etc and you are only given a disclosure (that no one reads) agreement and that's it. This new Play Store feature won't let any App or Content Developer slide their App past you w/o YOU having the ability to find all the particulars on just what it's doing. It's a Gate Keeper type Bouncer for the Consumer.

It means NO RED HERRING APPS.... EVER (in Play Store). So even if Google (unlike Apple gets away with) is aiding and abetting unscrupulous developers you'll know about it. Amazon and Apple turn a blind eye to some developer developer's spying and malware activity. Crazy since Apple in particular always claims to be looking out for your best interest. Yet.... every Apple user is supposed to feel all safe and sound inside the their Garden Walled Prison Farm Network! ......meanwhile the Fox is left guarding the hen house for their own scrumptious deserts (their 30% cut on paid Apps)!

That's why Google is better than them all and always have been. They prefer to inform and give users a Choice and none of the competition does that!

The My Apps page is not only completely useless, it's completely WRONG! I have 54 apps installed on my phone. My Apps only shows 11 of them. The rest of the page is apps I'll never use again. Which can't be deleted. GRRRR!